Salesforce is warning users about malware designed to steal login credentials.
While the business software maker does not have any evidence that customers have been hacked by the Dyre malware a danger still remains.
"On Sept. 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users," said Salesforce in a blog post.
The company is urging customers to work with IT and security teams to determine if they were targeted by the malware. Salesforce has also provided users with a link to submit a security support case, saying it will work with organizations to investigate issues.
Salesforce says the malware comes in the form of an email attachment and then seeks to obtain usernames and passwords by recording what the user types. What this means is that it is not Salesforce itself that is vulnerable.
"This is not a vulnerability within Salesforce," continued the blog post. "It is malware that resides on infected computer systems and is designed to steal user log-in credentials and resides on infected customer systems."
Jerome Segura, senior security researcher at Malwarebytes, says Software as a Service (SaaS) companies are becoming more important to businesses, making them bigger targets for hackers.
"Banking credentials are still the bread-and-butter for the majority of cyber-crooks because they can be immediately used," said Segura. "But the data harvested from many SaaS applications also holds a tremendous value for those willing to invest the time to dig in and find bits of information that could lead to a large compromise in a top-tier business."
Dyre, also known as Dyreza, become known as a malware in June. Similar to other online banking Trojans, it uses web browsers to log banking information. Originally, Dyre targeted the websites of Bank of America, NatWest, Citibank, RBS and Ulsterbank. The creators of the malware have now seemingly added Salesforce.com to that list.
While the software may be targeting users of Salesforce, the company says that it has no evidence of its users being attacked by it.
"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," said the company in a blog post. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."